3
CVEs
0
Critical
0
High
0
KEV
0
PoC
0
Unpatched C/H
66.7%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
0
MEDIUM
1
LOW
2
Monthly CVE Trend
Affected Products (30)
Wincc
30
Simatic Pcs7
24
Scalance Lpe9403 Firmware
16
Simatic S7 1500 Cpu Firmware
12
Scalance M874 3 Firmware
10
Scalance M876 4 Firmware
10
Scalance M874 2 Firmware
10
Scalance S615 Firmware
10
Scalance M804Pb Firmware
10
Scalance X308 2M Firmware
10
Scalance M876 3 Firmware
10
Scalance Mum856 1 Eu Firmware
9
Scalance X308 2Ld Firmware
9
Scalance M816 1 Annex B Firmware
9
Siplus Net Scalance X308 2 Firmware
9
Scalance X304 2Fe Firmware
9
Scalance M816 1 Annex A Firmware
9
Scalance M876 4 Nam Firmware
9
Scalance X310 Firmware
9
Scalance X408 2 Firmware
9
Scalance Xr324 4M Poe Firmware
9
Scalance X307 3 Firmware
9
Scalance Xr324 12M Firmware
9
Scalance Mum856 1 A1 Firmware
9
Scalance X306 1Ldfe Firmware
9
Scalance Mum856 1 B1 Firmware
9
Scalance Mum856 1 Row Firmware
9
Scalance Mum853 1 A1 Firmware
9
Scalance X307 2Eec Firmware
9
Scalance X308 2Lh Firmware
9
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-40745 | Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments. | MEDIUM | 6.3 | 0.0% | 42 |
No patch
|
| CVE-2026-47191 | Integrity bypass in Siemens kas (pip/kas < 5.3) allows an attacker who controls a referenced external git repository to substitute arbitrary commit content by creating a branch whose name matches the commit SHA recorded in a kas configuration file. Because kas passed the raw SHA string to `git checkout` without forcing disambiguation to a commit object, git resolves a branch of that name instead of the pinned commit, defeating the integrity guarantee users rely on. The primary impact falls on SHA-256 commit IDs; SHA-1 commits face a related but distinct risk through hash-collision substitution. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV. | LOW | – | 0.0% | – |
|
| CVE-2026-47192 | Late signature validation in Siemens kas (pip/kas >= 4.8, < 5.3) allows an attacker who has already compromised a referenced upstream repository to substitute the cryptographic key used to validate that repository's tag signatures, effectively bypassing integrity checks entirely. Because kas processes and applies configuration includes from external repositories before verifying their signatures, a malicious repository can redirect the signature-validation key to one under attacker control. No public exploit code has been identified at time of analysis, and exploitation requires a highly specific multi-condition scenario including prior supply-chain access to a referenced upstream repo. Vendor-released patch version 5.3 resolves all related attack vectors. | LOW | – | 0.0% | – |
|